
CVSS: 7.8 | EPSS: % | CPEs: 7 | EXPL: 0

13 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indicates exclusive ownership for writing. • https://git.kernel.org/stable/c/8ff590903d5fc7f5a0a988c38267a3d08e6393a2 •

CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level The AMD IOMMU host page table implementation supports dynamic page table levels (up to 6 levels), starting with a 3-level configuration that expands based on IOVA address. The kernel maintains a root pointer and current page table level to enable proper page table walks in alloc_pte()/fetch_pte() operations. The IOMMU IOVA allocator initially starts with 32-bit address and o... • https://git.kernel.org/stable/c/754265bcab78a9014f0f99cd35e0d610fcd7dfa7 •

CVSS: 7.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is removed with surprise hotplug, there may still be attempts to attach the device to the default domain as part of tear down via (__iommu_release_dma_ownership()), or because the removal happens during probe (__iommu_probe_device()). In both cases zpci_register_ioat() fails with a cc value indicating that the device handle is invalid. This is because the... • https://git.kernel.org/stable/c/359613f2fa009587154511e4842e8ab9532edd15 •

CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: increase scan_ies_len for S1G Currently the S1G capability element is not taken into account for the scan_ies_len, which leads to a buffer length validation failure in ieee80211_prep_hw_scan() and subsequent WARN in __ieee80211_start_scan(). This prevents hw scanning from functioning. To fix, ensure we accommodate for the S1G capability length. • https://git.kernel.org/stable/c/16c9244a62116fe148f6961753b68e7160799f97 •

CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0

09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Open socket as a new client before the TFO socket completes 3WHS: 1. accept() 2. connect(AF_UNSPEC) 3. connect() to another destination As of accept(), sk->sk_state is TCP_SYN_RECV, and tcp_disconnect() changes it to TCP_CLOSE and makes c... • https://git.kernel.org/stable/c/8336886f786fdacbc19b719c1f7ea91eb70706d4 •

CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk When the best clk is searched, we iterate over all possible clk. If we find a better match, the previous one, if any, needs to be freed. If a better match has already been found, we still need to free the new one, otherwise it leaks. • https://git.kernel.org/stable/c/5f5a7a5578c5885201cf9c85856f023fe8b81765 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported [0] memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = {} int fd_tun, fd_tmp; char buf[4] = {}; fd_tun = openat(AT_FDCWD, "/dev/net/tun", O_WRONLY, 0); ifr.ifr_flags = IFF_TUN | IFF_NAPI | IFF_MULTI_QUEUE; ioctl(fd_tun, TUNSETIFF, &ifr); ifr.ifr_flags = IFF_DETACH_QUEUE; ioctl(fd_tun, TUNSETQUEUE, &ifr); ... • https://git.kernel.org/stable/c/cde8b15f1aabe327038ee4e0e11dd6b798572f69 •

CVSS: 7.1 | EPSS: 0% | CPEs: 4 | EXPL: 0

07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random (possibly sensitive) data and should never be given directly to user-space. This patch fixes the copying of xfrm algorithms and the encap template in xfrm_user so that padding is zeroed. • https://git.kernel.org/stable/c/0725daaa9a879388ed312110f62dbd5ea2d75f8f •

CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() syzbot is hitting WARN_ON() in hfsplus_cat_{read,write}_inode(), for crafted filesystem image can contain bogus length. These conditions are not kernel bugs that can justify kernel to panic. • https://git.kernel.org/stable/c/61af77acd039ffd221bf7adf0dc95d0a4d377505 •

CVSS: 7.1 | EPSS: 0% | CPEs: 3 | EXPL: 0

07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (xgene) Fix ioremap and memremap leak Smatch reports: drivers/hwmon/xgene-hwmon.c:757 xgene_hwmon_probe() warn: 'ctx->pcc_comm_addr' from ioremap() not released on line: 757. This is because in drivers/hwmon/xgene-hwmon.c:701 xgene_hwmon_probe(), ioremap and memremap are not released, which may cause a leak. To fix this, ioremap and memremap are modified to devm_ioremap and devm_memremap. [groeck: Fixed formatting and subject] • https://git.kernel.org/stable/c/9d482a09acd3d5f61a56aefc125d32c81994707b •